Privacy Policy
Last Updated: November 28, 2025
Introduction
Welcome to Strua ("we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we handle your information.
Strua is a self-help mental health toolkit that provides evidence-based techniques for building emotional resilience. We are NOT a medical service, therapy provider, or HIPAA-covered entity. We do not collect, store, or transmit Protected Health Information (PHI).
Contact Information:
Email: Dr.G@strua.app
Location: Florida, United States
Website: strua.app
Our Privacy Philosophy
We believe in data minimization and user control. We collect only what's necessary to provide our service, and we give you control over your data.
Key Principles:
We collect minimal personal information
Your progress tracking and tool usage data stays on YOUR device (we never see it)
We never sell your data
We use privacy-focused analytics (no invasive tracking)
You can delete your account and data anytime
What Information We Collect
1. Information You Provide Directly
Email Address (Required):
Used for account creation and login
Used to send service updates and important notices
Used for password reset functionality
Collected via Mailchimp during early access signup
Password (Required for app access):
Stored in encrypted (hashed) form
We cannot see your actual password
Used only for account authentication
Payment Information (for Pro/Lifetime subscriptions):
Processed securely by Stripe (our payment processor)
We do NOT store credit card numbers or payment details
Stripe provides us only with: payment status, subscription tier, and transaction date
See Stripe's Privacy Policy: https://stripe.com/privacy
Optional Information:
First name (for email personalization)
Any information you choose to include when contacting support
2. Information Collected Automatically
Website Analytics:
We use Plausible Analytics, a privacy-focused analytics service
Plausible does NOT use cookies
Plausible does NOT track you across websites
We collect only: page views, referral sources, and general location (country/state level)
Plausible is GDPR, CCPA, and PECR compliant
See Plausible's Privacy Policy: https://plausible.io/privacy
Essential Cookies:
Login session cookies (to keep you logged in)
Security cookies (to prevent fraud and protect your account)
These are necessary for the service to function
Device and Browser Information:
Device type (mobile, tablet, desktop)
Operating system
Browser type
This helps us optimize the app for different devices
3. Information We Do NOT Collect
We do NOT collect or store:
❌ Your tool usage data (which tools you use, when, or how often)
❌ Your mood tracking or "how are you feeling" entries
❌ Your progress data or statistics
❌ Content of your custom tools
❌ Your pinned tools
❌ Any health information
❌ Precise location data
❌ Browsing history outside our website/app
❌ Contacts, photos, or other device data
All of this information is stored ONLY on your device and never transmitted to our servers.
How We Use Your Information
e use your information only for the following purposes:
Account Management:
Create and maintain your account
Authenticate your login
Process password resets
Send account-related notifications (subscription renewals, security alerts)
Service Delivery:
Provide access to tools and meditations based on your subscription tier
Process payments through Stripe
Provide customer support
Communication:
Send important service updates (privacy policy changes, new features)
Respond to your support requests
Send occasional product updates (you can unsubscribe anytime)
Product Improvement:
Analyze aggregated, anonymous usage patterns (via Plausible)
Understand which pages are most visited
Improve website performance and user experience
Legal Compliance:
Comply with applicable laws and regulations
Respond to legal requests or prevent fraud
We do NOT use your information for:
❌ Targeted advertising
❌ Selling to third parties
❌ Profiling or automated decision-making
❌ Tracking your behavior across other websites
How Your Data Is Stored
Server-Side Storage (Our Database)
We store only:
Email address
Encrypted password
Account creation date
Subscription tier (Free/Pro/Lifetime)
Payment status (via Stripe)
Security Measures:
Data stored on secure servers (AWS or similar)
Encryption in transit (HTTPS/TLS)
Encryption at rest for sensitive data
Regular security audits
Limited employee access (need-to-know basis)
Device-Side Storage (Your Phone/Computer)
Stored locally on YOUR device only:
Tool usage history
Mood tracking entries
Custom tools you create
Pinned tools
Progress statistics
All "how are you feeling" data
Important Notes:
We never see this data
We never transmit it to our servers
If you delete the app or lose your device, this data is lost
Pro users can export this data as backup (CSV/PDF)
Data Sharing and Disclosure
We do NOT sell, rent, or trade your personal information to third parties.
We share your information only with:
Service Providers (Data Processors)
Stripe (Payment Processing):
Processes subscription payments
Receives: Email address, payment information
Purpose: Process payments securely
Privacy Policy: https://stripe.com/privacy
Mailchimp (Email Service - Early Access Only):
Manages early access email list
Receives: Email address, first name (if provided)
Purpose: Send launch notifications
Privacy Policy: https://mailchimp.com/legal/privacy/
Plausible Analytics:
Privacy-focused website analytics
Receives: Anonymous usage data (no personal information)
Purpose: Understand website traffic
Privacy Policy: https://plausible.io/privacy
Cloud Hosting Provider (AWS, Vercel, or similar):
Hosts our application and database
Receives: Account data (email, encrypted password, subscription status)
Purpose: Provide infrastructure
Subject to strict data processing agreements
Legal Requirements:
We may disclose your information if required by law or in response to:
Valid legal process (subpoena, court order)
Protection of our legal rights
Prevention of fraud or security threats
Protection of user safety
Your Data Rights
You have the following rights regarding your personal information:
Access
You can request a copy of your personal data
Contact us at Dr.G@strua.app
Correction
You can update your email address in account settings
Contact us to correct any inaccurate data
Deletion
You can delete your account anytime in app settings
We will delete your email, password, and account data within 30 days
Note: Device-stored data (progress, custom tools) is deleted immediately when you uninstall the app
Export (Pro Users)
Export your device-stored data (progress, custom tools) as CSV or PDF
This data is yours—take it with you anytime
Opt-Out of Marketing Emails
Click "unsubscribe" in any marketing email
You'll still receive important account-related emails (password resets, subscription renewals)
Data Portability
Request your data in machine-readable format (CSV)
Contact Dr.G@strua.app
Children's Privacy
Strua is not intended for children under 13 years of age.
We do not knowingly collect personal information from children under 13. If you are under the age of 13, please do not submit any Personal Information through our Website or Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through our Website or Service without their permission. You must also be at least 16 years of age to consent to the processing of your personal data in your country (in some countries we may allow your parent or guardian to do so on your behalf). If you believe we have collected information from a child under 13, please contact us immediately at Dr.G@strua.app and we will delete it.
International Users
Strua is operated from the United States. If you are located outside the U.S., please be aware that information we collect will be transferred to and processed in the United States.
By using Strua, you consent to the transfer of your information to the United States.
For EU/UK Users (GDPR):
We process your data based on: contract performance, legitimate interest, and consent
You have additional rights under GDPR (see "Your Data Rights" section)
You can lodge a complaint with your local data protection authority
For California Users (CCPA):
We do not sell your personal information
You have the right to request disclosure of data we collect
You have the right to request deletion of your data
Contact Dr.G@strua.app to exercise your rights
Data Retention
Active Accounts:
We retain your account data as long as your account is active
Device-stored data remains until you delete the app or clear app data
Deleted Accounts:
Account data is deleted within 30 days of account deletion request
Payment records retained for 7 years (required for tax/accounting purposes)
Support emails retained for 2 years
Inactive Accounts:
Free accounts: Deleted after 2 years of inactivity
Pro accounts: Retained as long as subscription is active
Security
We take reasonable measures to protect your information:
Technical Safeguards:
HTTPS/TLS encryption for data in transit
Encrypted password storage (bcrypt hashing)
Secure server infrastructure
Regular security updates
Organizational Safeguards:
Limited employee access to user data
Security training for team members
Incident response procedures
Limitations: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
What You Can Do:
Use a strong, unique password
Don't share your password with anyone
Log out when using shared devices
Enable two-factor authentication (when available)
Cookies and Tracking
Cookies We Use
Essential Cookies (Required):
Session cookies: Keep you logged in
Security cookies: Prevent fraud and unauthorized access
These cookies are necessary for the service to function
Analytics:
We use Plausible Analytics, which does NOT use cookies
Plausible is privacy-focused and GDPR-compliant
We do NOT use:
❌ Advertising cookies
❌ Social media tracking pixels
❌ Cross-site tracking cookies
❌ Third-party analytics cookies (no Google Analytics)
Managing Cookies
You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of Strua.
To disable cookies:
Chrome: Settings > Privacy and Security > Cookies
Firefox: Settings > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Third-Party Links
Strua may contain links to third-party websites or resources (e.g., research citations, crisis resources).
We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
Crisis Resources We Link To:
988 Suicide & Crisis Lifeline
Crisis Text Line
SAMHSA National Helpline
These are external services with their own privacy policies.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
Changes in our practices
Changes in legal requirements
New features or services
How We Notify You:
Post updated policy on our website with new "Last Updated" date
Send email notification for material changes
Require acceptance of new terms on next login (for significant changes)
Your Continued Use: Continued use of Strua after policy changes constitutes acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: Dr.G@strua.app
Response Time: We aim to respond within 5 business days.
For Data Rights Requests: Please include "Data Request" in the subject line and specify your request (access, deletion, correction, export).
Disclaimers
Not Medical Advice: Strua is a self-help tool, not a medical service. We do not provide therapy, diagnosis, or medical advice. If you are in crisis, please contact:
988 Suicide & Crisis Lifeline (call or text)
Crisis Text Line: Text HOME to 741741
911 for emergencies
Not HIPAA Covered: We are not a HIPAA-covered entity. We do not collect or store Protected Health Information (PHI). Your usage data stays on your device.
Device Data Loss: Because progress tracking data is stored on your device (not our servers), you may lose this data if you:
Delete the app
Lose or damage your device
Clear app data
Switch devices without exporting
We recommend Pro users regularly export their data as backup.
End of Privacy Policy
This Privacy Policy is effective as of November 28, 2025.
For the most current version, visit: strua.app/privacy